Close Open Privacy Scan

Snapshot: commit cca26a9
engine v1
2026-06-25T23:08:00.405601+00:00

No application data leak found

No high-confidence exfiltration was found in application code. Dependency data flows are listed separately and do not affect this verdict.

App Privacy Score

97/100
Low privacy risk

Low risk · 414 finding(s)

Dependency score: 27 (High risk)

Score Breakdown

env_fs −3

Scan Summary

6 high, 9 medium, 399 low
First-party packages: 1
Dependency packages: 24
Ecosystem: npm

Application data flows

No application data flows were found. See dependency data flows below.

Dependency data flows (15)
high pkg-pr-new dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:215
high pkg-pr-new dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:317
high pkg-pr-new dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:523
high pkg-pr-new dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:549
high pkg-pr-new dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:568
high pkg-pr-new dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:590
medium pkg-pr-new dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:230
medium pkg-pr-new dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:321
medium pkg-pr-new dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:325
medium pkg-pr-new dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:330
medium pkg-pr-new dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:532
medium pkg-pr-new dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:560
medium pkg-pr-new dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:577
medium pkg-pr-new dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:610
medium pkg-pr-new dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:42 pkgs/npm/[email protected]/index.ts:619

First-Party Code

first-party (npm)

npm first-party
24 low-confidence finding(s)
low env_fs production #a14370d8be3f3ca9 Environment-variable access.
repo/docs/docusaurus.config.ts:37
        process.env.NODE_ENV === "production"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aafb26206b67339 Filesystem access.
repo/gulpfile.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79822fe95c9630fa Filesystem access.
repo/gulpfile.ts:70
    await fs.writeFile(`${buildDir}/index.mjs`, indexMjsContent, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #953597602f6948d8 Filesystem access.
repo/gulpfile.ts:78
    const pkg = JSON.parse(await fs.readFile("./package.json", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b2757a9a0bccacc Filesystem access.
repo/gulpfile.ts:92
    await fs.writeFile(
        "./build/package/package.json",
        JSON.stringify(pkg, null, 2) + "\n",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36ef40ce0b707472 Filesystem access.
repo/packages/codemod/src/dependencies/upgrade.ts:169
        raw = fs.readFileSync(filePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a54dbc65b6874926 Filesystem access.
repo/packages/codemod/src/dependencies/upgrade.ts:189
            fs.writeFileSync(
                filePath,
                JSON.stringify(pkg, null, indent) + "\n",
                "utf8",
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a27b498cee8d70f Environment-variable access.
repo/src/cli-ts-node-esm.ts:4
if ((process.env["NODE_OPTIONS"] ?? "").includes("--loader ts-node"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a944d28376b92c03 Environment-variable access.
repo/src/cli-ts-node-esm.ts:12
                process.env["NODE_OPTIONS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87aee404347cf16e Filesystem access.
repo/src/commands/CommandUtils.ts:1
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c58a85438b06d0df Filesystem access.
repo/src/commands/CommandUtils.ts:90
        await fs.writeFile(filePath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90ce2a7475ad4268 Filesystem access.
repo/src/commands/CommandUtils.ts:99
        const file = await fs.readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b54228799295987a Filesystem access.
repo/src/commands/InitCommand.ts:116
            const packageJsonContents = await CommandUtils.readFile(
                basePath + "/package.json",
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf3c6a2799d774bb Filesystem access.
repo/src/commands/InitCommand.ts:717
            await CommandUtils.readFile(
                path.resolve(__dirname, "..", "package.json"),
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed0b59b469070243 Environment-variable access.
repo/src/driver/oracle/OracleDriver.ts:302
            process.env.ORA_SDTZ = "UTC"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe46f7202cde8412 Environment-variable access.
repo/src/driver/postgres/PostgresDriver.ts:367
            process.env.PGTZ = "UTC"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5115b139e934bb36 Filesystem access.
repo/src/driver/sqljs/SqljsDriver.ts:94
                    const database = PlatformTools.readFileSync(
                        fileNameOrLocalStorageOrData,
                    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb99662f362ff8b4 Filesystem access.
repo/src/driver/sqljs/SqljsDriver.ts:176
                await PlatformTools.writeFile(path, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c910c8052294ce2 Filesystem access.
repo/src/platform/PlatformTools.ts:2
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b8da2813fb50605 Filesystem access.
repo/src/platform/PlatformTools.ts:10
export { ReadStream } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f1213b94e678bb2 Filesystem access.
repo/src/platform/PlatformTools.ts:194
        return fs.readFileSync(filename)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b7d2f21edab8d7e Filesystem access.
repo/src/platform/PlatformTools.ts:202
        return fs.promises.writeFile(path, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a494608c5ff35a60 Filesystem access.
repo/src/util/ImportUtils.ts:1
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31b48f4051b6f1a6 Filesystem access.
repo/src/util/ImportUtils.ts:99
                    await fs.readFile(potentialPackageJson, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Dependencies

pkg-pr-new

npm dependency
high pii_flow dependency Excluded from app score #b5f3263397f34073 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/index.ts:215 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:215
            checkResponse = await fetch(new URL("/check", apiUrl), {
              method: "POST",
              body: JSON.stringify({
                owner,
                repo,
                key,
              }),
            });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #52898b1517fd0692 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/index.ts:317 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:317
              const resource = await fetch(longDepUrl, {
                signal: controller.signal,
              });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #3ecee94397031f0d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/index.ts:523 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:523
                const createMultipartRes = await fetch(createMultipart, {
                  method: "POST",
                  headers: {
                    "sb-key": key,
                    "sb-name": name.slice("package:".length),
                    "sb-sha": sha,
                  },
                });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #d21075803e25d50d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/index.ts:549 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:549
                  const uploadMultipartRes = await fetch(uploadMultipart, {
                    method: "PUT",
                    headers: {
                      key: uploadKey,
                      id: uploadId,
                      "part-number": `${i + 1}`,
                    },
                    body: chunk,
                  });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #9ba34511a70c3c45 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/index.ts:568 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:568
                const completeMultipartRes = await fetch(completeMultipart, {
                  method: "POST",
                  headers: {
                    key: uploadKey,
                    id: uploadId,
                    "uploaded-parts": JSON.stringify(uploadedParts),
                  },
                });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #72aeb81700b8e56d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/index.ts:590 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:590
          const res = await fetch(publishUrl, {
            method: "POST",
            headers: {
              "sb-sha": sha,
              "sb-comment": comment,
              "sb-compact": `${isCompact}`,
              "sb-key": key,
              "sb-shasums": JSON.stringify(shasums),
              "sb-run-id": GITHUB_RUN_ID,
              "sb-bin": `${isBinaryApplication}`,
              "sb-package-manager": selectedPackageManager.join(","),
              "sb-only-templates": `${isOnlyTemplates}`,
              "sb-comment-with-sha": `${isCommentWithSha}`,
              "sb-comment-with-dev": `${isCommentWithDev}`,
            },
            body: formData,
          });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #f935109f16bb5fa7 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:230 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:230
            console.error(
              `Check failed (${checkResponse.status}): ${errorText}`,
            );

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #18bbaa4f403fb99b PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:321 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:321
                console.warn(
                  `${pJson.name}@${formattedSha} was already published on ${longDepUrl}`,
                );

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #988d3fbed9822b9d PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:325 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:325
                console.warn(
                  `Server error checking ${longDepUrl} (${resource.status}), proceeding with publish`,
                );

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #6f1eb65103e2654a PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:330 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:330
              console.warn(
                `Failed to check if package exists at ${longDepUrl}: ${error}`,
              );

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #c86e65e17e055132 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:532 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:532
                  console.error(await createMultipartRes.text());

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #a7fadd3434972cf5 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:560 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:560
                    console.error(
                      `Error uploading part ${i + 1}: ${await uploadMultipartRes.text()}`,
                    );

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #831cee77bc160c47 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:577 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:577
                  console.error(
                    `Error completing ${key}: ${await completeMultipartRes.text()}`,
                  );

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #0db480113cb47a77 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:610 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:610
            console.error(`Publishing failed (${res.status}): ${errorText}`);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #b52c2e05c713a0c5 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]/index.ts:619 · flow /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:42 → /tmp/closeopen-m3k7audd/pkgs/npm/[email protected]/index.ts:619
            console.error(`Raw response: ${await res.text()}`);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

12 low-confidence finding(s)
low env_fs dependency Excluded from app score #b17e40d649649e86 Environment-variable access.
pkgs/npm/[email protected]/index.ts:42
const apiUrl = process.env.API_URL ?? API_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #237d8a67477f44b4 Environment-variable access.
pkgs/npm/[email protected]/index.ts:186
          if (!process.env.TEST && process.env.GITHUB_ACTIONS !== "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #237d8a67477f44b4 Environment-variable access.
pkgs/npm/[email protected]/index.ts:186
          if (!process.env.TEST && process.env.GITHUB_ACTIONS !== "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45d34e1a84a95f14 Environment-variable access.
pkgs/npm/[email protected]/index.ts:240
          if (process.env.GITHUB_EVENT_NAME !== "pull_request") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdc00857ac142a33 Filesystem access.
pkgs/npm/[email protected]/index.ts:380
              const gitignoreContent = await fs.readFile(gitignorePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e76e5ed544123595 Filesystem access.
pkgs/npm/[email protected]/index.ts:394
              const file = await fs.readFile(path.join(templateDir, filePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2813c2d206126eb Filesystem access.
pkgs/npm/[email protected]/index.ts:495
              const buffer = await fs.readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfa7a7ffe0e3db60 Filesystem access.
pkgs/npm/[email protected]/index.ts:659
            await fs.writeFile(jsonFilePath, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06dede260bb05979 Filesystem access.
pkgs/npm/[email protected]/index.ts:714
      .update(await fs.readFile(path.resolve(p, filename)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c671f4cd220f284b Filesystem access.
pkgs/npm/[email protected]/index.ts:754
  return () => fs.writeFile(pJsonPath, pJsonContents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b3a1b29e59dedd6 Filesystem access.
pkgs/npm/[email protected]/index.ts:812
    return await fs.readFile(p, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7dae9fcc4a87d92 Environment-variable access.
pkgs/npm/[email protected]/tsup.config.ts:12
    API_URL: JSON.stringify(process.env.API_URL ?? "https://localhost:3000"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@stryker-mutator/core

npm dependency
40 low-confidence finding(s)
low env_fs dependency Excluded from app score #73088e31452b8252 Filesystem access.
pkgs/npm/@[email protected]/src/config/config-reader.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bec6aea808a13092 Filesystem access.
pkgs/npm/@[email protected]/src/config/config-reader.ts:104
    const fileContent = await fs.promises.readFile(configFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef74564f59e5c2fb Filesystem access.
pkgs/npm/@[email protected]/src/di/plugin-loader.ts:2
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c4fa08714427484 Filesystem access.
pkgs/npm/@[email protected]/src/fs/file-system.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6f27bb2d6b9c63d Filesystem access.
pkgs/npm/@[email protected]/src/fs/project-file.ts:32
      await this.fs.writeFile(to, this.#currentContent, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98648cb4086a3a26 Filesystem access.
pkgs/npm/@[email protected]/src/fs/project-file.ts:58
        this.#originalContent = await this.fs.readFile(this.name, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d6f37b828ca25e8 Filesystem access.
pkgs/npm/@[email protected]/src/fs/project-file.ts:71
      await this.fs.writeFile(this.name, this.#currentContent, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88b0754d16af0988 Filesystem access.
pkgs/npm/@[email protected]/src/fs/project-file.ts:92
      await this.fs.writeFile(backupFileName, this.#originalContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed4423e1f93fcf36 Filesystem access.
pkgs/npm/@[email protected]/src/fs/project-reader.ts:420
      const contents = await this.fs.readFile(this.incrementalFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1d1fa170e6b5366 Filesystem access.
pkgs/npm/@[email protected]/src/initializer/custom-initializers/angular-initializer.ts:2
import fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5542a865c55a5828 Filesystem access.
pkgs/npm/@[email protected]/src/initializer/custom-initializers/angular-initializer.ts:86
      return JSON.parse(await fs.readFile(packageLocation, 'utf8')).version;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #221b4761b80d7769 Filesystem access.
pkgs/npm/@[email protected]/src/initializer/gitignore-writer.ts:2
import { existsSync, promises as fs } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #588e507e52fcf602 Filesystem access.
pkgs/npm/@[email protected]/src/initializer/gitignore-writer.ts:19
      const gitignoreContent = await fs.readFile(GITIGNORE_FILE);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1bf79ac1337b7cc Environment-variable access.
pkgs/npm/@[email protected]/src/initializer/npm-registry.ts:15
  if (process.env.npm_config_registry) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2bab9ec20f796eb Environment-variable access.
pkgs/npm/@[email protected]/src/initializer/npm-registry.ts:16
    return process.env.npm_config_registry;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c33d0dc6833bfe5f Environment-variable access.
pkgs/npm/@[email protected]/src/initializer/npm-registry.ts:17
  } else if (process.env.npm_command) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc4b6eb7eed483d0 Filesystem access.
pkgs/npm/@[email protected]/src/initializer/stryker-config-writer.ts:1
import { promises as fs } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a593ae832d7dcb55 Filesystem access.
pkgs/npm/@[email protected]/src/initializer/stryker-config-writer.ts:125
    await fs.writeFile(configFileName, formattedConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bedd1c7cdcc7131 Filesystem access.
pkgs/npm/@[email protected]/src/initializer/stryker-config-writer.ts:150
    await fs.writeFile(configFileName, formattedConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2783f6a50b3093e6 Filesystem access.
pkgs/npm/@[email protected]/src/initializer/stryker-initializer.ts:2
import { promises as fsPromises } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afc46b5e98b90ead Environment-variable access.
pkgs/npm/@[email protected]/src/initializer/stryker-initializer.ts:74
      if (process.env[from] && !process.env[to]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afc46b5e98b90ead Environment-variable access.
pkgs/npm/@[email protected]/src/initializer/stryker-initializer.ts:74
      if (process.env[from] && !process.env[to]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1db3fc08ec0b9791 Environment-variable access.
pkgs/npm/@[email protected]/src/initializer/stryker-initializer.ts:75
        process.env[to] = process.env[from];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1db3fc08ec0b9791 Environment-variable access.
pkgs/npm/@[email protected]/src/initializer/stryker-initializer.ts:75
        process.env[to] = process.env[from];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4da0cc3a10f0495e Filesystem access.
pkgs/npm/@[email protected]/src/initializer/stryker-initializer.ts:110
          ([name, content]) => fsPromises.writeFile(name, content),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f0ad1641d3f610e Filesystem access.
pkgs/npm/@[email protected]/src/logging/logging-backend.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5695b141af83697 Filesystem access.
pkgs/npm/@[email protected]/src/reporters/event-recorder-reporter.ts:2
import { promises as fsPromises } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27f03929f4254911 Filesystem access.
pkgs/npm/@[email protected]/src/reporters/event-recorder-reporter.ts:46
    return fsPromises.writeFile(filename, JSON.stringify(data), {
      encoding: 'utf8',
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #296aed71ffd0e1f2 Filesystem access.
pkgs/npm/@[email protected]/src/reporters/html-reporter.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f8627e07480b1a5 Filesystem access.
pkgs/npm/@[email protected]/src/reporters/html-reporter.ts:38
    await reporterUtil.writeFile(this.options.htmlReporter.fileName, html);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a002e7c07f9d7fe3 Filesystem access.
pkgs/npm/@[email protected]/src/reporters/html-reporter.ts:49
  const scriptContent = await fs.promises.readFile(
    require.resolve('mutation-testing-elements/dist/mutation-test-elements.js'),
    'utf-8',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0aa8aeff39b6991 Filesystem access.
pkgs/npm/@[email protected]/src/reporters/json-reporter.ts:37
    await reporterUtil.writeFile(
      path.resolve(filePath),
      JSON.stringify(report, null, INDENTION_LEVEL),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74f9513019f7f579 Filesystem access.
pkgs/npm/@[email protected]/src/reporters/mutation-test-report-helper.ts:164
      await this.fs.writeFile(
        this.options.incrementalFile,
        JSON.stringify(report, null, 2),
        'utf-8',
      );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3593a6f9226ad162 Filesystem access.
pkgs/npm/@[email protected]/src/reporters/reporter-util.ts:2
import { createReadStream, createWriteStream, promises as fs } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1970b78fb183d2c7 Filesystem access.
pkgs/npm/@[email protected]/src/reporters/reporter-util.ts:18
    await fs.writeFile(fileName, content, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3889c1d167c1d8b6 Filesystem access.
pkgs/npm/@[email protected]/src/stryker-package.ts:2
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #654e15ce579c4a3e Filesystem access.
pkgs/npm/@[email protected]/src/stryker-package.ts:8
    fs.readFileSync(
      fileURLToPath(new URL('../../package.json', import.meta.url)),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #515bbdf7e1d889bd Filesystem access.
pkgs/npm/@[email protected]/src/utils/file-utils.ts:2
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3a5366d39558998 Environment-variable access.
pkgs/npm/@[email protected]/src/utils/object-utils.ts:28
    return process.env[nameEnvironmentVariable];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14015eb683d9d680 Filesystem access.
pkgs/npm/@[email protected]/src/utils/temporary-directory.ts:2
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@stryker-mutator/mocha-runner

npm dependency
7 low-confidence finding(s)
low env_fs dependency Excluded from app score #b8538881e385b7df Filesystem access.
pkgs/npm/@[email protected]/src/index.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #599816df67e1a837 Filesystem access.
pkgs/npm/@[email protected]/src/index.ts:19
    fs.readFileSync(
      new URL('../schema/mocha-runner-options.json', import.meta.url),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #347efff465cce3b3 Filesystem access.
pkgs/npm/@[email protected]/src/mocha-adapter.ts:2
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b0eef4f95d3790f Filesystem access.
pkgs/npm/@[email protected]/src/mocha-options-loader.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f26c056e996f9282 Filesystem access.
pkgs/npm/@[email protected]/src/mocha-options-loader.ts:122
    return this.parseOptsFile(fs.readFileSync(optsFileName, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7afe00cb11094674 Filesystem access.
pkgs/npm/@[email protected]/src/utils.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9460156f8713d0cc Filesystem access.
pkgs/npm/@[email protected]/src/utils.ts:7
    fs.readFileSync(
      new URL('../schema/mocha-runner-options.json', import.meta.url),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@types/gulp

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #e1952db8090f49a9 Filesystem access.
pkgs/npm/@[email protected]/index.d.ts:2
import * as fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

better-sqlite3

npm dependency
6 low-confidence finding(s)
low env_fs dependency Excluded from app score #638263fd6efa8ae6 Filesystem access.
pkgs/npm/[email protected]/deps/copy.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #638263fd6efa8ae6 Filesystem access.
pkgs/npm/[email protected]/deps/copy.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9880674f6484463b Filesystem access.
pkgs/npm/[email protected]/lib/database.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9880674f6484463b Filesystem access.
pkgs/npm/[email protected]/lib/database.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #264a99712ba9a15f Filesystem access.
pkgs/npm/[email protected]/lib/methods/backup.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #264a99712ba9a15f Filesystem access.
pkgs/npm/[email protected]/lib/methods/backup.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

c8

npm dependency
14 low-confidence finding(s)
low env_fs dependency Excluded from app score #02ecb4a9a5c45249 Environment-variable access.
pkgs/npm/[email protected]/bin/c8.js:27
    process.env.NODE_V8_COVERAGE = argv.tempDirectory

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e86e104ccc2b05f4 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/report.js:40
    monocartArgv: (argv.experimentalMonocart || process.env.EXPERIMENTAL_MONOCART) ? argv : null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37a672c45f51c38a Filesystem access.
pkgs/npm/[email protected]/lib/parse-args.js:4
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37a672c45f51c38a Filesystem access.
pkgs/npm/[email protected]/lib/parse-args.js:4
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57eabca61d0f5109 Filesystem access.
pkgs/npm/[email protected]/lib/parse-args.js:18
        const config = JSON.parse(readFileSync(path))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c79ae404fcf6823a Environment-variable access.
pkgs/npm/[email protected]/lib/parse-args.js:129
      default: process.env.NODE_V8_COVERAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05faf5a0c4b5862c Filesystem access.
pkgs/npm/[email protected]/lib/report.js:9
  ;({ readFile } = require('fs').promises)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8237302b723d7d8f Filesystem access.
pkgs/npm/[email protected]/lib/report.js:11
const { readdirSync, readFileSync, statSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8237302b723d7d8f Filesystem access.
pkgs/npm/[email protected]/lib/report.js:11
const { readdirSync, readFileSync, statSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a1090778ae8769b Filesystem access.
pkgs/npm/[email protected]/lib/report.js:452
        reports.push(JSON.parse(readFileSync(
          resolve(this.tempDirectory, file),
          'utf8'
        )))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0637dddb9c2b0930 Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:27
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0637dddb9c2b0930 Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:27
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26f4a49aa4e6fd76 Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:40
  const fileBody = readFileSync(filename).toString()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d39f188e112fe59c Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:71
    const content = readFileSync(fileURLToPath(mapURL), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

dayjs

npm dependency
2 low-confidence finding(s)
low env_fs dependency Excluded from app score #f384a01f9d2c7a21 Environment-variable access.
pkgs/npm/[email protected]/esm/plugin/devHelper/index.js:4
  if (!process || process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2855d0b6e4ad654 Environment-variable access.
pkgs/npm/[email protected]/plugin/devHelper.js:1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

debug

npm dependency
5 low-confidence finding(s)
low env_fs dependency Excluded from app score #953eca5db7f5f4ae Environment-variable access.
pkgs/npm/[email protected]/src/browser.js:230
		r = process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4405e93d9e18ab23 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:136
	let val = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b99991d05ad829d3 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:205
		process.env.DEBUG = namespaces;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efa1177b34a6313b Environment-variable access.
pkgs/npm/[email protected]/src/node.js:209
		delete process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fafcc45770cb26b4 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:221
	return process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint

npm dependency
13 low-confidence finding(s)
low env_fs dependency Excluded from app score #9c6b4ad8b7eb6841 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:129
			results.source = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cf76f10230bbbdf Filesystem access.
pkgs/npm/[email protected]/lib/cli.js:133
			await writeFile(filePath, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18a58806674dc6fe Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1281
		const text = await fsp.readFile(filePath, {
			encoding: "utf8",
			signal: controller?.signal,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72a3d422131aeefa Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1326
	if (!process.env.ESLINT_FLAGS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #859edae76b6d7ade Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1330
	const envFlags = process.env.ESLINT_FLAGS.trim().split(/\s*,\s*/gu);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #305e5d0baa84deaf Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint.js:825
					retrier.retry(() => fs.writeFile(r.filePath, r.output)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ad4209ce3b02fde Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:44
const enabled = !!process.env.TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70561b3c6befd550 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:56
	if (typeof process.env.TIMING !== "string") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00032fbb51c999ff Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:60
	if (process.env.TIMING.toLowerCase() === "all") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3727b46420e9320 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:64
	const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6610308242ca3c9e Filesystem access.
pkgs/npm/[email protected]/lib/rule-tester/rule-tester.js:697
				let content = readFileSync(sourceFile, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cfeb8feda5f8e5a Filesystem access.
pkgs/npm/[email protected]/lib/services/suppressions-service.js:217
			const data = await fs.promises.readFile(this.filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f126ada723f3e43 Filesystem access.
pkgs/npm/[email protected]/lib/services/suppressions-service.js:240
		return fs.promises.writeFile(
			this.filePath,
			stringify(suppressions, { space: 2 }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-jsdoc

npm dependency
3 low-confidence finding(s)
low env_fs dependency Excluded from app score #be6860c3399ae9c5 Filesystem access.
pkgs/npm/[email protected]/src/getJsdocProcessorPlugin.js:35
  readFileSync(join(import.meta.dirname, '../package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc6b85935e40e3a2 Filesystem access.
pkgs/npm/[email protected]/src/rules/importsAsDependencies.js:26
      readFileSync(join(process.cwd(), './package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bc0fb92aa7e29c1 Filesystem access.
pkgs/npm/[email protected]/src/rules/importsAsDependencies.js:101
              readFileSync(join(process.cwd(), 'node_modules', mod, './package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-unicorn

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #851c452863b504c8 Filesystem access.
pkgs/npm/[email protected]/rules/shared/package-json.js:33
			packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

husky

npm dependency
9 low-confidence finding(s)
low env_fs dependency Excluded from app score #95f885d8e027615c Filesystem access.
pkgs/npm/[email protected]/bin.js:2
import f, { writeFileSync as w } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c05931106266794b Filesystem access.
pkgs/npm/[email protected]/bin.js:12
	s = f.readFileSync(n)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d7921aca70dd823 Filesystem access.
pkgs/npm/[email protected]/bin.js:15
	w(n, JSON.stringify(o, 0, /\t/.test(s) ? '\t' : 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9c7a970ea44420b Filesystem access.
pkgs/npm/[email protected]/bin.js:18
	w('.husky/pre-commit', (p.env.npm_config_user_agent?.split('/')[0] ?? 'npm') + ' test\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #221564f9a039c7d6 Filesystem access.
pkgs/npm/[email protected]/index.js:2
import f, { readdir, writeFileSync as w } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bfd3d20aaf13f6b Environment-variable access.
pkgs/npm/[email protected]/index.js:9
	if (process.env.HUSKY === '0') return 'HUSKY=0 skip install'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e69b2673a70ad9a Filesystem access.
pkgs/npm/[email protected]/index.js:20
	w(_('.gitignore'), '*')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06b2d87c48557278 Filesystem access.
pkgs/npm/[email protected]/index.js:22
	l.forEach(h => w(_(h), `#!/usr/bin/env sh\n. "\$(dirname "\$0")/h"`, { mode: 0o755 }))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2174fc12695f79b0 Filesystem access.
pkgs/npm/[email protected]/index.js:23
	w(_('husky.sh'), msg)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

lint-staged

npm dependency
20 low-confidence finding(s)
low env_fs dependency Excluded from app score #6e212113964b379a Filesystem access.
pkgs/npm/[email protected]/lib/cli.js:205
  const packageJsonFile = await readFile(path.join(dirname, '../package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd03e49787a3d158 Filesystem access.
pkgs/npm/[email protected]/lib/file.js:16
    return await fs.readFile(filename)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c091c7f4c6a9b6b Filesystem access.
pkgs/npm/[email protected]/lib/file.js:52
  await fs.writeFile(filename, buffer)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b851848a15c8d14 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:145
      readFile(this.mergeHeadFilename).then((buffer) => (this.mergeHeadBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ee7c4e795385a10 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:146
      readFile(this.mergeModeFilename).then((buffer) => (this.mergeModeBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea0f9e880f516ee7 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:147
      readFile(this.mergeMsgFilename).then((buffer) => (this.mergeMsgBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90297b48ef29caf2 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:159
        this.mergeHeadBuffer && writeFile(this.mergeHeadFilename, this.mergeHeadBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7b2f102fd6cc972 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:160
        this.mergeModeBuffer && writeFile(this.mergeModeFilename, this.mergeModeBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9c95872e7af0d29 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:161
        this.mergeMsgBuffer && writeFile(this.mergeMsgFilename, this.mergeMsgBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b95332f6175ee6f Environment-variable access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:311
    const activeIndexFile = process.env.GIT_INDEX_FILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a575a36c6bea5322 Environment-variable access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:312
      ? normalizePath(process.env.GIT_INDEX_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f11663c281e3afc6 Environment-variable access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:313
      : process.env.GIT_INDEX_FILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5e8590b2bc32cd3 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:150
  debugLog('Unset GIT_LITERAL_PATHSPECS (was `%s`)', process.env.GIT_LITERAL_PATHSPECS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbcee32b028b37b5 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:151
  delete process.env.GIT_LITERAL_PATHSPECS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f85d5ec483a6adee Filesystem access.
pkgs/npm/[email protected]/lib/loadConfig.js:14
const readFile = async (filename) => fs.readFile(path.resolve(filename), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d994e588390854a Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:42
    debugLog('Unset GIT_DIR (was `%s`)', process.env.GIT_DIR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1b78a6fc216fa3c Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:43
    delete process.env.GIT_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55cd0f152a0b0b56 Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:44
    debugLog('Unset GIT_WORK_TREE (was `%s`)', process.env.GIT_WORK_TREE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37c00b27e946637d Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:45
    delete process.env.GIT_WORK_TREE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04f6ce45b110de82 Filesystem access.
pkgs/npm/[email protected]/lib/version.js:4
  const packageJson = JSON.parse(await fs.readFile(new URL('../package.json', import.meta.url)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mocha

npm dependency
13 low-confidence finding(s)
low env_fs dependency Excluded from app score #60ca0fb3c7ad3516 Filesystem access.
pkgs/npm/[email protected]/lib/cli/config.js:39
    require("js-yaml").load(fs.readFileSync(filepath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #458d838fcd346122 Filesystem access.
pkgs/npm/[email protected]/lib/cli/config.js:55
      require("strip-json-comments")(fs.readFileSync(filepath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdd16d42914cd941 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:27
  const css = fs.readFileSync(path.join(srcdir, "mocha.css"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9aefc5171f7684ea Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:28
  const js = fs.readFileSync(path.join(srcdir, "mocha.js"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3cbb43e1e645fca Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:29
  const tmpl = fs.readFileSync(
    path.join(srcdir, "lib", "browser", "template.html"),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0395a64802574af Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:32
  fs.writeFileSync(path.join(destdir, "mocha.css"), css);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c845960d71e9266 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:33
  fs.writeFileSync(path.join(destdir, "mocha.js"), js);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fdd7b74ec6bb676 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:34
  fs.writeFileSync(path.join(destdir, "tests.spec.js"), "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7421585771e0bcd9 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:35
  fs.writeFileSync(path.join(destdir, "index.html"), tmpl);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1346abb1de273d86 Filesystem access.
pkgs/npm/[email protected]/lib/cli/options.js:240
      configData = fs.readFileSync(filepath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa2ae730857d2e44 Environment-variable access.
pkgs/npm/[email protected]/lib/cli/options.js:302
  const envConfig = parse(process.env.MOCHA_OPTIONS || "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #258ad2533f01eeac Environment-variable access.
pkgs/npm/[email protected]/lib/reporters/base.js:58
  (supportsColor.stdout || process.env.MOCHA_COLORS !== undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2152ef8e0c051ca2 Filesystem access.
pkgs/npm/[email protected]/lib/reporters/json.js:90
        fs.writeFileSync(output, json);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mongodb

npm dependency
56 low-confidence finding(s)
low env_fs dependency Excluded from app score #f6208277985cc877 Filesystem access.
pkgs/npm/[email protected]/etc/prepare.js:3
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dccd0149f11c8635 Environment-variable access.
pkgs/npm/[email protected]/lib/client-side-encryption/state_machine.js:57
    if (process.env.MONGODB_CRYPT_DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #111eb7d0caa95ad6 Filesystem access.
pkgs/npm/[email protected]/lib/client-side-encryption/state_machine.js:339
            const cert = await fs.readFile(tlsOptions.tlsCertificateKeyFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d877b0609f831cb Filesystem access.
pkgs/npm/[email protected]/lib/client-side-encryption/state_machine.js:343
            options.ca = await fs.readFile(tlsOptions.tlsCAFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #25f151c4a5aa5180 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/cmap/auth/mongodb_oidc/gcp_machine_workflow.js:29
    const url = new URL(GCP_BASE_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #cb6e526c1f24c4ca Environment-variable access.
pkgs/npm/[email protected]/lib/cmap/auth/mongodb_oidc/k8s_machine_workflow.js:19
    if (process.env[AZURE_FILENAME]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baf53d645e3fdd23 Environment-variable access.
pkgs/npm/[email protected]/lib/cmap/auth/mongodb_oidc/k8s_machine_workflow.js:20
        filename = process.env[AZURE_FILENAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96408c9d71505315 Environment-variable access.
pkgs/npm/[email protected]/lib/cmap/auth/mongodb_oidc/k8s_machine_workflow.js:22
    else if (process.env[AWS_FILENAME]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87084008a01dcf23 Environment-variable access.
pkgs/npm/[email protected]/lib/cmap/auth/mongodb_oidc/k8s_machine_workflow.js:23
        filename = process.env[AWS_FILENAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2fec9b449f8f216 Filesystem access.
pkgs/npm/[email protected]/lib/cmap/auth/mongodb_oidc/token_machine_workflow.js:4
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a706b4dc1b819c86 Environment-variable access.
pkgs/npm/[email protected]/lib/cmap/auth/mongodb_oidc/token_machine_workflow.js:15
    const tokenFile = process.env.OIDC_TOKEN_FILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac07bbb80140b8d1 Filesystem access.
pkgs/npm/[email protected]/lib/cmap/auth/mongodb_oidc/token_machine_workflow.js:19
    const token = await fs.promises.readFile(tokenFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3886692fe28fafa7 Environment-variable access.
pkgs/npm/[email protected]/lib/connection_string.js:390
        MONGODB_LOG_COMMAND: process.env.MONGODB_LOG_COMMAND,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #259ea40b94f69a04 Environment-variable access.
pkgs/npm/[email protected]/lib/connection_string.js:391
        MONGODB_LOG_TOPOLOGY: process.env.MONGODB_LOG_TOPOLOGY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0254b344dbb2303 Environment-variable access.
pkgs/npm/[email protected]/lib/connection_string.js:392
        MONGODB_LOG_SERVER_SELECTION: process.env.MONGODB_LOG_SERVER_SELECTION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8611a7ed0cf88b1 Environment-variable access.
pkgs/npm/[email protected]/lib/connection_string.js:393
        MONGODB_LOG_CONNECTION: process.env.MONGODB_LOG_CONNECTION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bea65fb34d6513e4 Environment-variable access.
pkgs/npm/[email protected]/lib/connection_string.js:394
        MONGODB_LOG_CLIENT: process.env.MONGODB_LOG_CLIENT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4b7274a9ce9b4e9 Environment-variable access.
pkgs/npm/[email protected]/lib/connection_string.js:395
        MONGODB_LOG_ALL: process.env.MONGODB_LOG_ALL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c86626702ae4ac8f Environment-variable access.
pkgs/npm/[email protected]/lib/connection_string.js:396
        MONGODB_LOG_MAX_DOCUMENT_LENGTH: process.env.MONGODB_LOG_MAX_DOCUMENT_LENGTH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed5e4a5f1880762d Environment-variable access.
pkgs/npm/[email protected]/lib/connection_string.js:397
        MONGODB_LOG_PATH: process.env.MONGODB_LOG_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eda731d9deea2351 Filesystem access.
pkgs/npm/[email protected]/lib/mongo_client.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3031b559daff45cd Filesystem access.
pkgs/npm/[email protected]/lib/mongo_client.js:216
                options.ca ??= await fs_1.promises.readFile(options.tlsCAFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0611068e261a6360 Filesystem access.
pkgs/npm/[email protected]/lib/mongo_client.js:219
                options.crl ??= await fs_1.promises.readFile(options.tlsCRLFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80d29eecc0907fc7 Filesystem access.
pkgs/npm/[email protected]/lib/mongo_client.js:223
                    const contents = await fs_1.promises.readFile(options.tlsCertificateKeyFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9f92c678021085a Filesystem access.
pkgs/npm/[email protected]/lib/utils.js:53
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c67989c1de74e3d7 Filesystem access.
pkgs/npm/[email protected]/src/client-side-encryption/state_machine.ts:1
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31f10e901b042458 Environment-variable access.
pkgs/npm/[email protected]/src/client-side-encryption/state_machine.ts:80
  if (process.env.MONGODB_CRYPT_DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfc00f9115d91596 Filesystem access.
pkgs/npm/[email protected]/src/client-side-encryption/state_machine.ts:530
      const cert = await fs.readFile(tlsOptions.tlsCertificateKeyFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a862cd86cfd0c55 Filesystem access.
pkgs/npm/[email protected]/src/client-side-encryption/state_machine.ts:534
      options.ca = await fs.readFile(tlsOptions.tlsCAFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #817ba3d3355b1b07 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/src/cmap/auth/mongodb_oidc/gcp_machine_workflow.ts:35
  const url = new URL(GCP_BASE_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #972463b39b0f4b70 Filesystem access.
pkgs/npm/[email protected]/src/cmap/auth/mongodb_oidc/k8s_machine_workflow.ts:1
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9c1b301e0f8d8f8 Environment-variable access.
pkgs/npm/[email protected]/src/cmap/auth/mongodb_oidc/k8s_machine_workflow.ts:22
  if (process.env[AZURE_FILENAME]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44dc6d0f1be41aec Environment-variable access.
pkgs/npm/[email protected]/src/cmap/auth/mongodb_oidc/k8s_machine_workflow.ts:23
    filename = process.env[AZURE_FILENAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5368305bffd440c Environment-variable access.
pkgs/npm/[email protected]/src/cmap/auth/mongodb_oidc/k8s_machine_workflow.ts:24
  } else if (process.env[AWS_FILENAME]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ff87c543b7a8d6f Environment-variable access.
pkgs/npm/[email protected]/src/cmap/auth/mongodb_oidc/k8s_machine_workflow.ts:25
    filename = process.env[AWS_FILENAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61df903bf76654c1 Filesystem access.
pkgs/npm/[email protected]/src/cmap/auth/mongodb_oidc/k8s_machine_workflow.ts:29
  const token = await readFile(filename, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1e892f78334f05f Filesystem access.
pkgs/npm/[email protected]/src/cmap/auth/mongodb_oidc/token_machine_workflow.ts:1
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #892207bf0e4bd8a7 Environment-variable access.
pkgs/npm/[email protected]/src/cmap/auth/mongodb_oidc/token_machine_workflow.ts:16
  const tokenFile = process.env.OIDC_TOKEN_FILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c1316c31857cc3c Filesystem access.
pkgs/npm/[email protected]/src/cmap/auth/mongodb_oidc/token_machine_workflow.ts:20
  const token = await fs.promises.readFile(tokenFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf113de6f1c02a6f Environment-variable access.
pkgs/npm/[email protected]/src/connection_string.ts:530
      MONGODB_LOG_COMMAND: process.env.MONGODB_LOG_COMMAND,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a39fce8e5862f053 Environment-variable access.
pkgs/npm/[email protected]/src/connection_string.ts:531
      MONGODB_LOG_TOPOLOGY: process.env.MONGODB_LOG_TOPOLOGY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8362d5bd93d370c3 Environment-variable access.
pkgs/npm/[email protected]/src/connection_string.ts:532
      MONGODB_LOG_SERVER_SELECTION: process.env.MONGODB_LOG_SERVER_SELECTION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a419efe97e633d7d Environment-variable access.
pkgs/npm/[email protected]/src/connection_string.ts:533
      MONGODB_LOG_CONNECTION: process.env.MONGODB_LOG_CONNECTION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15334fce2d3af07a Environment-variable access.
pkgs/npm/[email protected]/src/connection_string.ts:534
      MONGODB_LOG_CLIENT: process.env.MONGODB_LOG_CLIENT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #011237f33f56d792 Environment-variable access.
pkgs/npm/[email protected]/src/connection_string.ts:535
      MONGODB_LOG_ALL: process.env.MONGODB_LOG_ALL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea8b43ce02b77113 Environment-variable access.
pkgs/npm/[email protected]/src/connection_string.ts:536
      MONGODB_LOG_MAX_DOCUMENT_LENGTH: process.env.MONGODB_LOG_MAX_DOCUMENT_LENGTH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af50c7247d5a37ec Environment-variable access.
pkgs/npm/[email protected]/src/connection_string.ts:537
      MONGODB_LOG_PATH: process.env.MONGODB_LOG_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d27a3c311938787 Filesystem access.
pkgs/npm/[email protected]/src/mongo_client.ts:1
import { promises as fs } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c2076a354a9e034 Filesystem access.
pkgs/npm/[email protected]/src/mongo_client.ts:628
        options.ca ??= await fs.readFile(options.tlsCAFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a80914ea515f9a1a Filesystem access.
pkgs/npm/[email protected]/src/mongo_client.ts:631
        options.crl ??= await fs.readFile(options.tlsCRLFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76a14396b7155b15 Filesystem access.
pkgs/npm/[email protected]/src/mongo_client.ts:635
          const contents = await fs.readFile(options.tlsCertificateKeyFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a88a0a6cec20791 Filesystem access.
pkgs/npm/[email protected]/src/utils.ts:3
import { promises as fs } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mysql2

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #c3770f5aba8228b2 Environment-variable access.
pkgs/npm/[email protected]/lib/packets/index.js:60
  if (process.env.NODE_DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

oracledb

npm dependency
51 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #c73959e851801d7d Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:76
  user: process.env.NODE_ORACLEDB_USER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b06d587f69ea78ef Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:82
  password: process.env.NODE_ORACLEDB_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3e6496bd9c683aad Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:86
  connectString: process.env.NODE_ORACLEDB_CONNECTIONSTRING,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c6d0d563befc2796 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:90
  externalAuth: process.env.NODE_ORACLEDB_EXTERNALAUTH ? true : false,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #cc50ccf28a957b59 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:97
if (process.env.NODE_ORACLEDB_WALLET_PASSWORD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3dd081e1dbd3cd18 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:98
  config.walletPassword = process.env.NODE_ORACLEDB_WALLET_PASSWORD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #9cf1fa23f2af9fbd Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:101
if (process.env.NODE_ORACLEDB_WALLET_LOCATION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #4ebe9c10f1b27462 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:102
  config.walletLocation = process.env.NODE_ORACLEDB_WALLET_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #37e3021bd7488972 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:109
if (process.env.NODE_ORACLEDB_DBA_USER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e628d6766bfe2e69 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:110
  config.DBA_user = process.env.NODE_ORACLEDB_DBA_USER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c9ae0e1434af0532 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:113
if (process.env.NODE_ORACLEDB_DBA_PASSWORD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c24da4f417145ab2 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:114
  config.DBA_password = process.env.NODE_ORACLEDB_DBA_PASSWORD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d14d668e3f702adf Environment-variable access.
pkgs/npm/[email protected]/examples/example.js:47
if (process.env.NODE_ORACLEDB_DRIVER_MODE === 'thick') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d04d322d0da663c2 Environment-variable access.
pkgs/npm/[email protected]/examples/example.js:60
    clientOpts = { libDir: process.env.NODE_ORACLEDB_CLIENT_LIB_DIR };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fcf65ad5e4d3f4b Filesystem access.
pkgs/npm/[email protected]/lib/configProviders/file.js:26
const fs = require('fs').promises;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4230aa7b403e0abe Filesystem access.
pkgs/npm/[email protected]/lib/configProviders/file.js:47
    const data = Buffer.from(await fs.readFile(this.paramMap.get("filepath"), { encoding: 'utf8', flag: 'r' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #918f00f783f3ad04 Environment-variable access.
pkgs/npm/[email protected]/lib/impl/parserHelpers.js:286
    const configDir = options.configDir || process.env.TNS_ADMIN || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1af6feb77992097 Environment-variable access.
pkgs/npm/[email protected]/lib/impl/parserHelpers.js:424
        errors.throwErr(errors.ERR_TNS_ENTRY_NOT_FOUND, connStr, configDir ? configDir + '/tnsnames.ora' : process.env.TNS_ADMIN + '/tnsnames.ora');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9396f521a39f424 Environment-variable access.
pkgs/npm/[email protected]/lib/poolStatistics.js:83
    this.threadPoolSize = process.env.UV_THREADPOOL_SIZE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #871c5fda8b0cb73c Environment-variable access.
pkgs/npm/[email protected]/lib/thin/connection.js:1248
    } else if (process.env.ORA_DEBUG_JDWP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19bbac137211676e Environment-variable access.
pkgs/npm/[email protected]/lib/thin/connection.js:1249
      this.jdwpData = Buffer.from(process.env.ORA_DEBUG_JDWP);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dda78c3ec3b6023 Environment-variable access.
pkgs/npm/[email protected]/lib/thin/protocol/messages/auth.js:115
    } else if (process.env.ORA_EDITION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e25d50558012e86 Environment-variable access.
pkgs/npm/[email protected]/lib/thin/protocol/messages/auth.js:116
      this.edition = process.env.ORA_EDITION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9175c2d08f1b233 Environment-variable access.
pkgs/npm/[email protected]/lib/thin/protocol/messages/auth.js:160
    if (process.env.ORA_SDTZ) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3890691226fc2c5f Environment-variable access.
pkgs/npm/[email protected]/lib/thin/protocol/messages/auth.js:161
      tzRepr = process.env.ORA_SDTZ;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cff1ce4e6f5e097 Environment-variable access.
pkgs/npm/[email protected]/lib/thin/sqlnet/ntTcp.js:349
    if (process.env.NODE_ORACLEDB_DEBUG_PACKETS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e4c27fa3de7fac0 Environment-variable access.
pkgs/npm/[email protected]/lib/thin/sqlnet/ntTcp.js:458
        if (process.env.NODE_ORACLEDB_DEBUG_PACKETS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cf59dd0fd49450e Filesystem access.
pkgs/npm/[email protected]/lib/thin/sqlnet/paramParser.js:30
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d82563d0468604d5 Environment-variable access.
pkgs/npm/[email protected]/lib/thin/sqlnet/paramParser.js:41
  const tnsAdminVal = process.env.TNS_ADMIN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbb6f16454dd2b04 Filesystem access.
pkgs/npm/[email protected]/lib/thin/sqlnet/sessionAtts.js:32
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #544381ea0bf947f0 Filesystem access.
pkgs/npm/[email protected]/lib/thin/sqlnet/sessionAtts.js:151
      fs.readFile(this.nt.walletFile, (err, data) => {
        if (err) {
          reject(err);
        } else {
          resolve(data);
        }
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a67ccdcce0ada74 Filesystem access.
pkgs/npm/[email protected]/package/install.js:41
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1e828c4676f9c62 Filesystem access.
pkgs/npm/[email protected]/package/prunebinaries.js:45
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fa575fff4833176 Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:47
    process.env.HTTPS_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #555a7902db7056ef Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:48
    process.env.https_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94651f4c41e40d0c Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:51
    process.env.HTTPS_PROXY_PORT ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2451ddbd27b857af Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:52
    process.env.https_proxy_port;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65a89033e823c661 Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:90
  if (process.env.AWS_REGION) return process.env.AWS_REGION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #972a16f272588984 Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:94
    const profile = paramMap.get("aws_profile") || process.env.AWS_PROFILE || "default";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51311a916b5d20ee Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:111
    profile: paramMap.get("aws_profile") || process.env.AWS_PROFILE || "default",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16d2dcb4e799ceca Filesystem access.
pkgs/npm/[email protected]/plugins/configProviders/ociobject/index.js:32
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ce079af198433e0 Filesystem access.
pkgs/npm/[email protected]/plugins/configProviders/ociobject/index.js:109
        const publicKey = fs.readFileSync(this.paramMap.get('oci_key_file'), { encoding: "utf8" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abe03bf8a877de0a Filesystem access.
pkgs/npm/[email protected]/plugins/token/extensionOci/index.js:31
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c1de6fdd3a7fce9 Filesystem access.
pkgs/npm/[email protected]/plugins/token/extensionOci/index.js:159
  const privateKey = fs.readFileSync(privateKeyLocation, 'utf-8'); // ~/.oci/oci_api_key.pem

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pg

npm dependency
7 low-confidence finding(s)
low env_fs dependency Excluded from app score #1ee08090ba018eaa Environment-variable access.
pkgs/npm/[email protected]/lib/connection-parameters.js:15
    envVar = process.env['PG' + key.toUpperCase()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bb5d3abe261559d Environment-variable access.
pkgs/npm/[email protected]/lib/connection-parameters.js:19
    envVar = process.env[envVar]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #992c8bf09b030050 Environment-variable access.
pkgs/npm/[email protected]/lib/connection-parameters.js:26
  switch (process.env.PGSSLMODE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d317164a3ae256b Environment-variable access.
pkgs/npm/[email protected]/lib/connection-parameters.js:127
      this.connect_timeout = process.env.PGCONNECT_TIMEOUT || 0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01c39c4d7f836651 Environment-variable access.
pkgs/npm/[email protected]/lib/defaults.js:5
  user = process.platform === 'win32' ? process.env.USERNAME : process.env.USER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98b69566f24a6024 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:41
  forceNative = !!process.env.NODE_PG_FORCE_NATIVE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prettier

npm dependency
77 low-confidence finding(s)
low env_fs dependency Excluded from app score #536545bfefb6e4ac Environment-variable access.
pkgs/npm/[email protected]/bin/prettier.cjs:66
if (process.env.PRETTIER_EXPERIMENTAL_CLI || index !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8147014890f865c9 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:5609
    var debug = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c500de283701c94 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6176
    if (process.env.npm_package_name === "pseudomap" && process.env.npm_lifecycle_script === "test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #465a75a23b398fc4 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6177
      process.env.TEST_PSEUDOMAP = "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bc278f08db86ad4 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6178
    if (typeof Map === "function" && !process.env.TEST_PSEUDOMAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f125ed7bbc678117 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6520
    var hasSymbol = typeof Symbol === "function" && process.env._nodeLRUCacheForceNoSymbol !== "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e73150197aab7d7c Filesystem access.
pkgs/npm/[email protected]/index.mjs:7655
            fs4.readFile(file, "utf8", function(err, data) {
              if (err) {
                reject(err);
                return;
              }
              resolve3(parseString2(data));
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a9f16e9989f6163 Filesystem access.
pkgs/npm/[email protected]/index.mjs:7668
      return parseString2(fs4.readFileSync(file, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7c21576cbd1d3f8 Filesystem access.
pkgs/npm/[email protected]/index.mjs:8004
              fs4.readFile(name, "utf8", function(err, data) {
                resolve3({
                  name,
                  contents: err ? "" : data
                });
              });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1e2b73160f1ad9b Filesystem access.
pkgs/npm/[email protected]/index.mjs:8020
          file = fs4.readFileSync(filepath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bd82ebdf50011f7 Filesystem access.
pkgs/npm/[email protected]/index.mjs:10382
import * as fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21428aa8ad943a57 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:11485
  return typeof process === "object" && (process.env.FORCE_COLOR === "0" || process.env.FORCE_COLOR === "false") ? false : import_picocolors4.default.isColorSupported;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebf35f8b230d2fe2 Filesystem access.
pkgs/npm/[email protected]/index.mjs:12540
import fs2 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd14a6cbc13706f2 Filesystem access.
pkgs/npm/[email protected]/index.mjs:12546
    return await fs2.readFile(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2a4e64afa3104d0 Filesystem access.
pkgs/npm/[email protected]/index.mjs:12697
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87677d11df5b3ba1 Filesystem access.
pkgs/npm/[email protected]/index.mjs:12707
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cea111a8eb3d0bc1 Filesystem access.
pkgs/npm/[email protected]/index.mjs:13059
    string = fs3.readFileSync(path6.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e27d96242ac6cdc Environment-variable access.
pkgs/npm/[email protected]/index.mjs:16485
      if (process.env.PRETTIER_DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9127d3260046af85 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:10
import { createWriteStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ff6da4097503f73 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:15
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d02238d2c8823a60 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:371
  return dist_default.retry.readFile(retryOptions)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edaabe0acd9853e7 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:516
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fc4f7ab84d4d007 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:526
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb1b9db49b4d1baf Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:878
    string2 = fs2.readFileSync(path3.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18290445e9d9b4c5 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1878
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12937a793da2f031 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1955
          const content = fs3.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a66b595a083899fc Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1961
          return fs3.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c5cab35fc1317b5 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:54
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca423ff594ac8adf Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:96
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00be31120f5730f2 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:107
      const buffer2 = attempt(() => fs2.readFileSync(path18), Buffer2.alloc(0));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bb7cf8dd969764e Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:116
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bcf6aacf5b0a4a5 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:612
import fs4 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e420884e2aac942b Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:627
              const content = fs4.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6482288761d569b Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:633
              return fs4.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20f35829e5288a70 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2515
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5680964bf038b2a3 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2525
    string2 = fs5.readFileSync(path4.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01895b427960516d Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2743
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e06ccef3da67ecc Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:3607
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1914dcc1ce969bdc Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:4855
import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fce4c2c9fba901a9 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5794
import fs8 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d20982886671ccf Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5820
          const store = JSON.parse(fs8.readFileSync(this.storePath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #738d9685ebdfe5de Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5835
          fs8.writeFileSync(this.storePath, store);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f61c7456bc40bf28 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5850
          const content = fs8.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f621a8934502dba Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6238
import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab70a0b235464800 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6252
        return fs9.readFile(filePath, "utf8").then(parse_default2).catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a8e923f57dc4fdb Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6582
import fs10 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be7618b9d232d405 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6594
      return fs10.readFile(filePath, "utf8").catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4405e6c62bd0f0ab Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10466
import fs11 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #591d442c45a8bde8 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10488
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b04e7d26ee2ebe59 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10493
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4ba4788a1790ab3 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10499
        const fileBuffer = fs11.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88a7bc9a543b2969 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10515
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55994559654704c7 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10521
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8703008b22277e68 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11366
import fs12 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #567750dad845cedc Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11559
import { createWriteStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bc324956e32a7b8 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11567
  return dist_default36.retry.readFile(retryOptions)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3ab85386c8a85c7 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12330
import fs13 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5c349344f9ed007 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12395
  const ignoreManualFilesContents = await Promise.all(ignoreManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8").catch(() => "")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87f8cc9223d14983 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12400
  const prettierManualFilesContents = await Promise.all(prettierManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b2f8c968434080d Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1233
import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2b8502b6de5322a Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1554
import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52bf1d596ce0c6e7 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1778
import fs4 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f6402d1a856fd67 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1786
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3579983f67e3ab84 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1794
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b73042ff65fb49b7 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1888
    const data = await fs4.readFile(cacheFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49817966fee816fe Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1906
import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ffdb2797c03ee1f Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1910
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5a4e9bc53ce4b6e Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1914
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a979b7e3de51f33c Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4302
      const data = fs5.readFileSync(pathToFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d09e41d71f89269 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4506
        fs5.writeFileSync(filePath, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aa9ee857250ed0d Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4894
        const buffer = fs6.readFileSync(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad28cbdbb8f2ed8b Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5188
import fs8 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84a879958ae410de Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5449
  writeFormattedFile: (file, data) => fs8.writeFile(file, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3900c0b7dae0dc6 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5805
      input = await fs9.readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

sort-package-json

npm dependency
2 low-confidence finding(s)
low env_fs dependency Excluded from app score #4f50db588cd8cf4d Filesystem access.
pkgs/npm/[email protected]/cli.js:60
  const original = await fs.readFile(file, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db308bf6aa8ebb6f Filesystem access.
pkgs/npm/[email protected]/cli.js:67
    await fs.writeFile(file, sorted)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

source-map-support

npm dependency
5 low-confidence finding(s)
low env_fs dependency Excluded from app score #0d7adeca1b36318d Filesystem access.
pkgs/npm/[email protected]/browser-source-map-support.js:108
(x.name||"Error")+": "+(x.message||""),E={nextPosition:null,curPosition:null},H=[],M=B.length-1;0<=M;M--)H.push("\n    at "+r(B[M],E)),E.nextPosition=E.curPosition;E.curPosition=E.nextPosition=null;return F+H.reverse().join("")}function u(x){var B=/\n    at [^(]+ \((.*):(\d+):(\d+)\)/.exec(x.stack);if(B){x=B[1];var F=+B[2];B=+B[3];var E=b[x];if(!E&&v&&v.existsSync(x))try{E=v.readFileSync(x,"utf8")}catch(H){E=""}if(E&&(E=E.split(/(?:\r\n|\r|\n)/)[F-1]))return x+":"+F+"\n"+E+"\n"+Array(B).join(" ")+

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c0fb33ab5819ecf Filesystem access.
pkgs/npm/[email protected]/browser-source-map-support.js:110
n=C("path");try{var v=C("fs");v.existsSync&&v.readFileSync||(v=null)}catch(x){}var z=C("buffer-from"),G=!1,D=!1,L=!1,a="auto",b={},h={},w=/^data:application\/json[^,]+base64,/,y=[],I=[],K=t(y);y.push(function(x){x=x.trim();/^file:/.test(x)&&(x=x.replace(/file:\/\/\/(\w:)?/,function(E,H){return H?"":"/"}));if(x in b)return b[x];var B="";try{if(v)v.existsSync(x)&&(B=v.readFileSync(x,"utf8"));else{var F=new XMLHttpRequest;F.open("GET",x,!1);F.send(null);4===F.readyState&&200===F.status&&(B=F.responseText)}}catch(E){}return b[x]=

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad5fa626073c6cb7 Filesystem access.
pkgs/npm/[email protected]/source-map-support.js:6
  fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2f8399c07eeeea5 Filesystem access.
pkgs/npm/[email protected]/source-map-support.js:123
      contents = fs.readFileSync(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f20e49cabbee790 Filesystem access.
pkgs/npm/[email protected]/source-map-support.js:467
        contents = fs.readFileSync(source, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ts-node

npm dependency
9 low-confidence finding(s)
low env_fs dependency Excluded from app score #3243b742a6462848 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-cjs-loader.js:27
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c46c190b3e0d0a7f Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-esm-resolve.js:39
const {
  realpathSync,
  statSync,
  Stats,
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #431e78b0d0790b43 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-esm-resolve.js:43
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24d24b75c2720917 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ad49824e1b4e55a Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:13
    string = fs.readFileSync(path, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aafcab1d232b1b95 Environment-variable access.
pkgs/npm/[email protected]/dist-raw/node-options.js:48
  const envArgv = ParseNodeOptionsEnvVar(process.env.NODE_OPTIONS || '', errors);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #867a82fd5fad088d Environment-variable access.
pkgs/npm/[email protected]/dist-raw/node-options.js:99
  if(process.env.NODE_PENDING_DEPRECATION === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency
20 low-confidence finding(s)
low env_fs dependency Excluded from app score #46a133f7db406ff2 Filesystem access.
pkgs/npm/[email protected]/lib/_tsserver.js:51
var import_fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc50326893bd1753 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:309
    const envLogOptions = parseLoggingEnvironmentString(process.env.TSS_LOG);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ee85f63a9ba5873 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:535
  const traceDir = commandLineTraceDir ? (0, typescript_exports.stripQuotes)(commandLineTraceDir) : process.env.TSS_TRACE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aa66aa981a890b9 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db376e75330daa6d Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:565
    if (process.env.XDG_CACHE_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d68923e5a477d7a Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:566
      return process.env.XDG_CACHE_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77b602b2500a31ef Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #489c5cdd61d36d6a Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:44
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5475c42bbbe381bc Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:88
    const content = JSON.parse(host.readFile(typesRegistryFilePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07c3940b56117111 Filesystem access.
pkgs/npm/[email protected]/lib/watchGuard.js:42
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

yargs

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #7b40c3f23eba8fa0 Environment-variable access.
pkgs/npm/[email protected]/lib/platform-shims/esm.mjs:29
    return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • tinyglobby prod — dist-only: no readable source

Development

  • @sap/hana-client dev — tarball exceeds byte cap
  • @tsconfig/node20 dev — no javascript source
  • redis dev — dist-only: no readable source
  • standard-changelog dev — dist-only: no readable source
  • typescript-eslint dev — dist-only: no readable source